Fortigate Command (Part 1)

get sys
get system performance status # Shows current system CPU/memory usage
get system status # Shows which firmware version the system is running; also confirms whether the log hard disk is healthy.
get system arp
diag sys top # Shows current system daemon usage
diagnose hardware sysinfo memory
diagnose antivirus database-info # show virus grayware signature count for antivirus databases.
diag sys session stat # Shows how many sessions the system is currently carrying
diag hardware test disk # Disk check
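get system interface # View interface status, including IP
get system interface physical # View interface status, including IP
get router info routing-table detail # routing table
execute shutdown # Shut down the device
unset # Unset a setting
end # Apply the configuration
abort # Exit without saving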

execute log delete-all # Clear all logs
___________________________________________________
## fortiguard ## upgrade
config system fortiguard
set port 53
set source-ip <SELF-IP>
end

config system dns
set source-ip <SELF-IP>
end

https://kb.fortinet.com/kb/documentLink.do?externalID=FD43725

___________________________________________________

## Ping ##
FGT# execute ping-options ?
execute ping-options adaptive-ping <enable|disable>
execute ping-options data-size <bytes>
execute ping-options df-bit {yes | no}
execute ping-options pattern <2-byte_hex>
execute ping-options repeat-count <repeats>
execute ping-options source {auto | <source-intf_ip>}
execute ping-options timeout <seconds>
execute ping-options tos <service_type>
execute ping-options ttl <hops>
execute ping-options validate-reply {yes | no}
execute ping-options view-settings
___________________________________________________
## trace route ##
execute traceroute-options source x.x.x.x
execute traceroute x.x.x.x

___________________________________________________
## reset ##
exec factoryreset
___________________________________________________
# Forward log on #
config log memory filter
set severity information
get
end

___________________________________________________
# traffic sniffer #

Command format:
diagnose sniffer packet <interface> <filter> <verbose>
To stop the capture:
Press Ctrl + C

Example: watch 192.168.198.151 ping 168.95.1.1
diagnose sniffer packet lan 'icmp and host x.x.x.x'
diag sniffer packet internal 'src host x.x.x.x and dst host x.x.x.x' 4
diagnose sniffer packet any 'net x.x.x.x' 4
diagnose sniffer packet any 'host x.x.x.x and host x.x.x.x' 6 0 l

#output to pcap file#
Connect to the device over SSH
Turn on session logging to a file in the SSH client

dia sniffer packet any 'host x.x.x.x or host x.x.x.x and port 53' 3 2000

#change file to *.pcap#
fgt2eth.exe -in putty1.txt -out putty1.pcap

# VDOM #
config vdom
edit root
diag sniffer packet <interface> <filter> <verbose>

___________________________________________________
# Switch VDOM #
config global
config vdom
edit (vdom name)
set opmode trans
set manageip …….
set gate ……
end
Create a zone in the VDOM
Assign the interface to the VDOM
___________________________________________________
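# For a transparent-mode deployment, enable the following Layer 2 forwarding functions #
config system interface
edit ha1
set arpforward enable
set broadcast-forward enable
set l2forward enable
set stpforward enable
set vlanforward enable
end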
___________________________________________________
## show all log ## (no disk installed)

config log memory filter
get
set severity warning
end
config log memory global-setting
get
set max-size <size>
end

get system status # check disk log status

config log disk setting
get
set status enable
end
___________________________________________________
## create report ## (requires disk)

execute report run default '2018-01-24 00' '2018-01-24 23'

___________________________________________________
## create address ##
config firewall address
edit block_x.x.x.x
set subnet x.x.x.x 255.255.255.255
end

___________________________________________________
## create firewall policy ##
config firewall policy
edit 15

___________________________________________________
## syslog ##
config log syslogd filter
set severity {option}                      # Lowest severity level to log.
set forward-traffic {enable | disable}     # Enable/disable forward traffic logging.
set local-traffic {enable | disable}       # Enable/disable local in or out traffic logging.
set multicast-traffic {enable | disable}   # Enable/disable multicast traffic logging.
set sniffer-traffic {enable | disable}     # Enable/disable sniffer traffic logging.
set anomaly {enable | disable}             # Enable/disable anomaly logging.
set voip {enable | disable}                # Enable/disable VoIP logging.
set dns {enable | disable}                 # Enable/disable detailed DNS event logging.
set filter {string}                        # Syslog filter. size[511]
set filter-type {include | exclude}        # Include/exclude logs that match the filter.
#   include: Include logs that match the filter.
#   exclude: Exclude logs that match the filter.
end

show log syslog

config log syslogd setting
set port 9004
end

Documentation reference: http://docs.fortinet.com/fortigate/admin-guides
